Can't add Exchange Server 2019 server to a DAG Error:CreateCluster() failed with 0x42a

Joseph Larrew 331 Reputation points Microsoft Employee

Environment: Exchange Server 2019 Exchange 2013 exists Forest functional level – 2016 Exchange Server OS – Server 2019 Exchange servers are VMs (vSphere 6.7) Hey team, got an odd error here when my customer runs “Add-DatabaseAvailabilityGroupServer” for the first server being added to a 2019 DAG: [2020-10-06T21:22:34] The operation wasn't successful because an error was encountered. You may find more details in log file "C:\ExchangeSetupLogs\DagTasks\dagtask_2020-10-06_21-19-28.923_add-databaseavailabiltygroupserver.log" on "XXXX-EX19A1-X". (the log is attached) [2020-10-06T21:22:34] WriteError! Exception = Microsoft.Exchange.Cluster.Replay.DagTaskOperationFailedException: A server-side database availability group administrative operation failed. Error The operation failed. CreateCluster errors may result from incorrectly configured static addresses. Error: An error occurred while attempting a cluster operation. Error: Cluster API failed: "CreateCluster() failed with 0x42a. Error: The service has returned a service-specific error code". ---> [30752-error-dag.txt][1] When I look up further in the log that the error mentions, I see the error code mentioned: [2020-10-06T21:22:34] ClusterSetupProgressCallback( eSetupPhase = ClusterSetupPhaseFormingCluster, ePhaseType = ClusterSetupPhaseEnd, ePhaseSeverity = ClusterSetupPhaseFatal, dwPercentComplete = 56, szObjectName = xxxx-daga-x, dwStatus = 0x42a ) We tried adding a different server first, but same error occurs. I’ve seen a couple of links mentioning permissions/configurations on the CNO and duplicate MACs, but all those things are set correctly as well. We’ve also tried removing and re-creating the DAG (with the same name and with a different name) without an IP without success. At first, we were getting an error about Failover Clustering not being installed. We checked that and it said a restart was pending, so we restarted and now we get this error above. Also in the log, it mentions the DAG CNO doesn’t exist, but it does. Screenshots show the command we ran and where it sticks, then the second shows the error message that comes up afterward. Anyone got any ideas? ![30773-screenshot.png][2]![30783-failedscreenshot.png][3] [1]: /api/attachments/30752-error-dag.txt?platform=QnA [2]: /api/attachments/30773-screenshot.png?platform=QnA [3]: /api/attachments/30783-failedscreenshot.png?platform=QnA

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,205 questions
{count} votes

Accepted answer
  1. Ashok M 6,496 Reputation points


    Can you please check the below,

    1. Have you pre-staged the CNO object?

    1. Can you try creating IP-Less DAG and check if the issue still persists
    2. Make sure the firewall communication between the Exchange servers are allowed
    3. Try disabling windows firewall/AV on the exchange temporarily and check again
    4. If you have multiple NIC's, make sure it uses the primary NIC for the communication
    5. Uninstall the failover cluster manager, disable IPv6 using registry, reboot the server and then try adding it

    Disabling IPv6 using registry, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters
    Set DisabledComponents to ffffffff

    Please Note: Take the backup of the registry before making changes and be careful in the changes as the improper configuration would lead to other issues.

    Also, its not recommended to disable IPv6, this is only for addressing this issue and check if this resolves. I fixed the similar issue in an environment by disabling IPv6 and once the node is added successfully, I re-enabled it again.

    1. Check the GPO for any deny policy on the local logins because a local user account CLIUSR will be created

    Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Deny Log on Locally

    "Now we also can't add any servers to the 2013 DAGs in the lab. We've been making some changes around AD, but we still haven't figured it out."

    Could you please explain what changes are done in AD and are you trying to add both Exchange 2013 & 2019 in same DAG?

    Cluster service will be installed while installing the Failover cluster manager and it will start once the node is added to the DAG. Cluster service wont start event is triggered because the node is trying to join DAG and it will attempt to start it. So, this can be ignored for now unless it is still populating even after the node is joined.

3 additional answers

Sort by: Most helpful
  1. Joseph Larrew 331 Reputation points Microsoft Employee

    For the TL:DR folks, the answer ended up being that there was a "Deny access to this computer from the network" setting configured to not allow "Local Accounts" (read as: CLIUSR). And that makes sense because that user is heavily involved in managing and establishing the cluster.

    1 person found this answer helpful.

  2. Kael Yao-MSFT 36,501 Reputation points Microsoft Vendor

    anonymous user
    if there is no cluster, would the service start?
    I tested it in my lab(Exchange 2019 CU2):
    If the server hasn't been add to the DAG (a cluster)yet,the cluster service is disabled and can't be started(the button is grayed out)
    Are you able to click start? And after that does the Event Viewer generate the 1090,7024,7031 errors?

    Now we also can't add any servers to the 2013 DAGs in the lab.
    Did you receive the same error as Exchange 2019?
    Please check if there are some network problems between the new servers and the numbers of the DAG.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  3. Chris Stanlake 1 Reputation point

    So glad I found this post, the same GPO setting was stopping me adding a second server into a DAG in Exchange 2019.

    0 comments No comments